
Electronic passport cloned - big deal!

08 August 2006


With almost unbelievable speed, headlines have circulated the globe pronouncing that electronic passport chips can be “cloned”, making them a monumental waste of time, effort and money.

On the face of it, the announcement, made by Lukas Grunwald, a security consultant with DN-Systems in Germany, is shocking, but as is often the case with these sorts of claims, there is little in the findings that is of surprise to the industry itself. Most passport industry experts are dismissing the ‘revelations’ as old news, predictable and completely irrelevant in the real world.

Randy Vanderhoof, executive director of the Smart Card Alliance, explains why there is little to be worried about: “Even if someone could copy the information on your e-passport chip, it doesn’t achieve anything, because all of the information is locked together in such a way that it can’t be changed. It’s no different than someone stealing your electronic passport and trying to use it. No one else can use it because your photo is on the chip and they’re not you.”

 

What Grunwald did

The German researcher announced his findings at a hackers’ conference last week. He said it took him two weeks to figure out how to clone the passport chip. He tested the attack on the German ePassport, but claims the method would work on any country’s ePassport, because all of them adhere to the same ICAO standard.

Grunwald placed his passport on top of a passport reader (supplied by ACG Identification Technologies). He then used the well-known Golden Reader Tool (supplied by secunet Security Networks) to read the data on the passport chip.

Grunwald then put a sample blank passport page embedded with an RFID tag onto the reader/writer and burnt in the ICAO-specified layout, to make sure the basic structure of the chip matched that of an official passport.

Finally Grunwald used a piece of software he had authored to program the new chip with the copied information.

 

So what?

The British government has poured cold water on Grunwald’s claims. In a statement to SDW it said: “While it might be possible to copy the chip data, were an individual able to gain access to the code required to open the chip, it is not possible to modify or manipulate any of the data because the advanced encryption techniques used are highly secure. The chip is one part of the security features used in the e-passport but being able to copy this does not mean that the passport can be forged or imitated for illegal or unauthorised use.”

The Home Office also pointed out that ePassports are designed in such a way as to make chip substitution virtually impossible without it being glaringly obvious to the border control agent.

Grunwald argues, in an article published by Wired, that “a terrorist whose name is on a watch list could carry a passport with his real name and photo printed on the pages, but with an RFID chip that contains different information cloned from someone else’s passport.”

This view, however, has little credibility in the real world, because the information on the printed page, including the bearer’s photograph, is stored on the chip and is displayed on a large screen at passport control. It would be obvious to the border control agent if someone was attempting to use someone else’s e-passport chip information, as the facial images, among other information, would not match.

Another argument is that such a cloned document would be useful in an unattended automated border control scenario. But, as most industry experts told SDW, the ePassport is not designed for such use. If an ePassport is to be used in such a scenario, then there should be a biometric system in place to verify the biometric image stored on the passport’s chip against the person presenting the document (such as the Australian Smart Gate project).

 

Looking forward

Even though there is no obvious advantage to having a cloned chip, one way to stop such an occurrence would be for a country to enable its passports to use a process known as Active Authentication. According to Richard Conway, CTO at Temporal S., this process is based on a challenge-response protocol. He explains that a cloned passport would never be able to adhere to this protocol as it is impossible to clone the required private key, which is stored in a special part of the passport chip.
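The two checks discussed in this article, data that is "locked together" by the issuer's signature and the Active Authentication challenge-response, can be contrasted in a short simulation. This is an added example, not code from the article or from any passport toolkit; it assumes toy textbook RSA with constructed keys far too small for real use, and a simplified chip layout in which one issuer signature covers the personal data (DG1) and the chip's public key (DG15).

```python
import hashlib, secrets

E = 65537

def make_key(p, q):
    """Toy textbook-RSA key from two primes: returns (modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def h(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

# Constructed keys built from Mersenne primes; far too small for real use.
ISSUER_N, ISSUER_D = make_key(2**107 - 1, 2**127 - 1)   # issuing authority
CHIP_N, CHIP_D = make_key(2**61 - 1, 2**89 - 1)         # per-passport key

class Chip:
    def __init__(self, files, private_key=None):
        self.files = dict(files)         # everything a reader can read out
        self._private_key = private_key  # no read command returns this

    def authenticate(self, challenge: bytes) -> int:
        if self._private_key is None:    # a clone can only guess a response
            return secrets.randbelow(CHIP_N)
        return pow(h(challenge, CHIP_N), self._private_key, CHIP_N)

def issue(name: str) -> Chip:
    files = {"DG1": name.encode(), "DG15": str(CHIP_N).encode()}
    signed = h(files["DG1"] + files["DG15"], ISSUER_N)
    files["SOD"] = str(pow(signed, ISSUER_D, ISSUER_N)).encode()
    return Chip(files, CHIP_D)

def passive_ok(chip: Chip) -> bool:
    """Issuer signature check: detects edited data, not copied data."""
    f = chip.files
    return pow(int(f["SOD"]), E, ISSUER_N) == h(f["DG1"] + f["DG15"], ISSUER_N)

def active_ok(chip: Chip) -> bool:
    """Challenge-response: only a chip holding the private key can answer."""
    challenge = secrets.token_bytes(8)   # fresh per read, so replays fail
    chip_n = int(chip.files["DG15"])     # public key is under the issuer signature
    return pow(chip.authenticate(challenge), E, chip_n) == h(challenge, chip_n)

def inspect(chip: Chip) -> dict:
    return {"passive": passive_ok(chip), "active": active_ok(chip)}

genuine = issue("DOE<<JANE")                             # constructed sample data
clone = Chip(genuine.files)                              # copy of readable data only
edited = Chip({**genuine.files, "DG1": b"ROE<<JOHN"})    # copy with a changed name
```

Calling `inspect()` on the three chips shows the split: the unmodified clone still carries a valid issuer signature but cannot answer the challenge, while the edited copy already fails the signature check.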

Conway notes that many countries are not planning to use Active Authentication because it can impact the performance of the ePassport, in terms of reading times, for example. However, he adds that future fingerprint-based ePassports, such as those to be launched by EU Member States from 2009, will use a process known as Extended Access Control. This, explains Conway, has parallels with Active Authentication, but goes further because it also proves the passport reader is a valid reader.



